Secure your app the easy way!

Laravel Access Control brings all of your security needs together so they work as one. Stop wasting time, and stop leaving parts of your application uncovered.

Terminal
composer require lomkit/laravel-access-control

All-in-one security configuration

    Laravel

    Fully integrates with Laravel to make it even easier to use.

    Easy to configure

    Configure in one place to affect your whole application.

    Clean code

    Keep your application clean as it grows.

First setup

Create your Perimeters

Perimeters define the functional scopes of your application. They help you structure access. Here we will create two simple perimeters: one for global access and one for access limited to the user's own records.

Terminal
php artisan make:perimeter GlobalPerimeter
php artisan make:perimeter OwnPerimeter

use Lomkit\Access\Perimeters\Perimeter;

class GlobalPerimeter extends Perimeter
{
    //
}

class OwnPerimeter extends Perimeter
{
    //
}

Create your Control

A Control handles the security around a given model using the perimeters that concern it. Here we want to control our Post model.

Terminal
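php artisan make:control PostControl

PostControl.php
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Lomkit\Access\Controls\Control;
// Also import GlobalPerimeter and OwnPerimeter from the namespace
// in which make:perimeter generated them.

class PostControl extends Control
{
  protected function perimeters(): array
  {
    return [
      GlobalPerimeter::new()
        // Does this perimeter apply to $user for the given method?
        ->allowed(function (Model $user, string $method) {
          return $user->can(sprintf('%s global models', $method));
        })
        // May $user act on this particular $model?
        ->should(function (Model $user, Model $model) {
          return true;
        })
        // Constrain queries to what this perimeter exposes (here: everything).
        ->query(function (Builder $query, Model $user) {
          return $query;
        }),
      OwnPerimeter::new()
        ->allowed(function (Model $user, string $method) {
          return $user->can(sprintf('%s own models', $method));
        })
        // Only the owner of the model passes.
        ->should(function (Model $user, Model $model) {
          return $model->user()->is($user);
        })
        // Only rows owned by $user are returned.
        ->query(function (Builder $query, Model $user) {
          return $query->where('user_id', $user->getKey());
        }),
    ];
  }
}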

Change your model

Mark your model as controlled by adding the HasControl trait.

Post.php
use Illuminate\Database\Eloquent\Model;
use Lomkit\Access\Controls\HasControl;

class Post extends Model
{
    use HasControl;
}

Create your Policy

Extend the ControlledPolicy class from Access Control and specify the desired model.

PostPolicy.php
use Lomkit\Access\Policies\ControlledPolicy;

class PostPolicy extends ControlledPolicy
{
    // Leading backslash so the class resolves correctly inside a namespaced file.
    protected string $model = \App\Models\Post::class;
}

You are ready to go!

Enjoy the full power of access control.

ModelController.php
// Apply the Control to the query
\App\Models\Post::controlled()->get();

// Check if the user can view the post according to the policy
$user->can('view', \App\Models\Post::first());
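
To check that the setup above really isolates users from each other, the following feature test exercises both calls against the OwnPerimeter rules. It is an added example, not code from the package or its documentation. It assumes User and Post model factories exist, that posts have a user_id column, and that PostPolicy is registered for Post; the Gate::before hook is a constructed stand-in for your real permission system.

```php
<?php

namespace Tests\Feature;

use App\Models\Post;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Gate;
use Tests\TestCase;

class PostControlTest extends TestCase
{
    use RefreshDatabase;

    protected function setUp(): void
    {
        parent::setUp();

        // Constructed permission setup: grant every "<method> own models"
        // ability and define no "<method> global models" ability, so only
        // OwnPerimeter is allowed for the users created below.
        Gate::before(function (User $user, string $ability) {
            return str_ends_with($ability, ' own models') ? true : null;
        });
    }

    public function test_controlled_query_returns_only_the_users_own_posts(): void
    {
        $alice = User::factory()->create();
        $bob = User::factory()->create();
        Post::factory()->count(2)->create(['user_id' => $alice->getKey()]);
        Post::factory()->count(3)->create(['user_id' => $bob->getKey()]);

        $visible = $this->actingAs($alice)->app->call(fn () => Post::controlled()->get());

        $this->assertCount(2, $visible);
        $this->assertEquals([$alice->getKey()], $visible->pluck('user_id')->unique()->values()->all());
    }

    public function test_policy_denies_view_on_another_users_post(): void
    {
        $alice = User::factory()->create();
        $own = Post::factory()->create(['user_id' => $alice->getKey()]);
        $foreign = Post::factory()->create(['user_id' => User::factory()->create()->getKey()]);

        $this->actingAs($alice);
        $this->assertTrue($alice->can('view', $own));
        $this->assertFalse($alice->can('view', $foreign));
    }
}
```

A failure in either test means a perimeter callback or permission name does not match what the Control expects, which is worth catching before a controller relies on it.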